Invalid Free Vulnerability in Canon Multifunction and Laser Printers
CVE-2025-14233

9.3CRITICAL

Key Information:

Vendor

Canon Inc.

Status
Satera Lbp670c Series
Satera Mf750c Series
Color Imageclass Lbp630c
Color Imageclass Mf650c Series
Vendor
CVE Published:
15 January 2026

What is CVE-2025-14233?

An invalid free vulnerability has been identified in the file deletion process of Small Office Multifunction Printers and Laser Printers manufactured by Canon. This vulnerability may allow an unauthorized attacker within the same network segment to cause the affected printer devices to become unresponsive or to execute arbitrary code. Affected printer models include various Satera, Color imageCLASS, i-SENSYS, and imageRUNNER series printers with specific firmware versions. Users are strongly advised to review their device firmware and apply necessary updates as recommended by Canon to mitigate potential security risks.

Affected Version(s)

1238i II 06.02 and earlier

1238iF II 06.02 and earlier

1238P II 06.02 and earlier

References

https://psirt.canon/advisory-information/cp2026-001/
vendor-advisory
https://canon.jp/support/support-info/260115vulnerability...
vendor-advisory
https://www.usa.canon.com/support/canon-product-advisorie...
vendor-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.